diff options
| author |  Joey Hess <joey@kitenet.net> | 2013-01-08 13:44:38 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2013-01-08 13:44:38 -0400 |
| commit | 97997fae15e821ed698853986ddf1f448b2cd3c8 (patch) | |
| tree | 6a43fe6cee5a084c8099cf243af2b636c93664d5 | |
| parent | 8e26e0d90567d2b002c80a99e12b1b8f756069ad (diff) | |
thoughts on safer direct mode transfers
| -rw-r--r-- | doc/design/assistant/desymlink.mdwn | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/design/assistant/desymlink.mdwn b/doc/design/assistant/desymlink.mdwn index 2b0c4d5a2..fa22923af 100644 --- a/doc/design/assistant/desymlink.mdwn +++ b/doc/design/assistant/desymlink.mdwn @@ -87,6 +87,34 @@ is converted to a real file when it becomes present. * Deal with files changing as they're being transferred from a direct mode repository to another git repository. The remote repo currently will accept the bad data and update the location log to say it has the key. + + This affects both special remotes and git remotes. + + For special remotes, + it seems the best that could be done is to have an error unwind action + passed to `sendAnnex` that is called if the file is modified as it's + transferred. That would then remove the probably corrupted file from the + remote. (The full transfer would still run, unless there was also a way + to cancel an in progress transfer.) + + With the above, there is some potential for the bed content being + downloaded from the special remote into another repo. This would only + happen if the other repo for some reason thinks the special remote + has the content. Since the location log would not be updated until the + transfer is successful, this should not happen. + + For git remotes, add a flag to `git-annex-shell recvkey` (using a field + after the "--" to remain back-compat). With this flag, after receiving + the data, the remote should wait for a signal that the data is good + before it updates the location log. The signal could just be a "1" + sent over the ssh channel. Or another `git-annex-shell` command. + + Also `git-annex-shell sendkey` needs to do something if it sent bad + data. This seems to not need protocol changes; it can just detect + the problem and exit nonzero. Would need to do something to clean up + the temp file, which is probably corrupt. (Could in future use it as a + basis for transferring the new key..) + * kqueue does not deliver an event when an existing file is modified. This doesn't affect OSX, which uses FSEvents now, but it makes direct mode assistant not 100% on other BSD's. |